Jellyfish’s autoenrolment module for Windows allows auto enrol and renew of digital certificates on Windows machines for both Machine and User certificates including smartcard and virtual smartcard.
Jellyfish’s card management module allows virtual smartcard to be created in managed or unmanaged mode. In managed mode admins have the ability manage the full lifecycle of virtual smartcard like creation, PIN reset and destruction.
This particular video shows the process of unmanaged virtual smartcard creation and certificate enrolment. All issued certificates can be viewed and managed from Jellyfish’s management console.

Benefits include:

Supports more than one CA

Supports more than one CA type (i.e. it does not need to use a Microsoft CA at the backend)

Supports as a Service provided CAs

Allows for seamless transition between CAs (even between CA products).

Has full integration with the searchable Jellyfish certificate database

Autoenrolment module for Linux allows Linux machines to auto enrol and renew digital certificate. The module leverages Simple Certificate Enrolment Protocol and Certmonger to achieve certificate request and enrolment. All certificates issued can be viewed and managed by using Jellyfish management console.

The process uses a few lines of commands which could be combined into server build and config scripts to automatically enrol and configure certificates for webservers and other services running on Linux.

The first part of the video is showing a low privilege user logging into jellyfish then requesting a SCEP certificate for their Linux machine. The video then shows a high privilege user logging in and viewing then approving the users request. The original user that requested the certificate is then sent instructions on how to request a certificate on their Linux box.

The second part of the video shows a user requesting a certificate using the instructions sent to them. This also shows a full data dump of the certificate.

Benefits include:

Supports more than one CA

Supports as a Service provided CAs

Allows for seamless transition between CAs (even between CA products).

Has full integration with the searchable Jellyfish certificate database

Provides certificate creation rule checking

Uses the SCEP protocol so supports other devices and software that support SCEP

The LetsEncrypt Proxy feature provides the ability to capture of all certificates issued or renewed from the free LetsEncrypt Certificate Authority, which can be leveraged for globally-trusted external web server certificates. Any issued certificates found by the proxy are sent to Jellyfish, giving you oversight into which LetsEncrypt certificates and domain names are being used within your environment.

The LetsEncrypt Proxy does not interfere with any of the communication between the client and LetsEncrypt services, allowing you to utilise whichever LetsEncrypt client implementation that you desire. In addition, by proxying all traffic through our service, you can ensure that all outbound LetsEncrypt traffic is managed and easily auditable through your network.

The following video shows an example Linux server requesting a LetsEncrypt certificate, the creation of the DNS TXT record that LetsEncrypt requires, and the resultant certificate shown in Jellyfish. Behind the scenes, the issued certificate is simply captured by our proxy service and sent over to Jellyfish, all without interfering with the client/server issuance process.